0b2955689a4f5363aab5769351ef757b1a87ee11de89130c1c8f4b538c725995

Analysis

max time kernel
46s
max time network
130s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b2955689a4f5363aab5769351ef757b1a87ee11de89130c1c8f4b538c725995.exe
Size

357KB
MD5

f6aa22f22ac2e9d1bda7209f29ae4705
SHA1

86f9ee507587a0f022fbf19cc237eec4bcfa74b2
SHA256

0b2955689a4f5363aab5769351ef757b1a87ee11de89130c1c8f4b538c725995
SHA512

1358c052e641751afbe08a9235c44bbd9c8df7eee27bfc15ad6946584f6a982d17362d83da997ca4ba7c973cf698ce53a4b4b16c63d6324ac41110557c90ae9a
SSDEEP

6144:O8Uv494I2tkHZzrL9iw2VKDq/7Kl4CJvmBN5g20LIst+P6H004uzgq39TWa:xUv494IRZfg7KjJvmBmZHJgW9

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1444-55-0x0000000000400000-0x000000000052D000-memory.dmp	upx
behavioral1/memory/1444-57-0x0000000000400000-0x000000000052D000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\0b2955689a4f5363aab5769351ef757b1a87ee11de89130c1c8f4b538c725995.exe
"C:\Users\Admin\AppData\Local\Temp\0b2955689a4f5363aab5769351ef757b1a87ee11de89130c1c8f4b538c725995.exe"
1⤵
PID:1444

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1444-54-0x0000000075D71000-0x0000000075D73000-memory.dmp

Filesize
8KB

Download
memory/1444-55-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/1444-56-0x0000000003470000-0x0000000003480000-memory.dmp

Filesize
64KB

Download
memory/1444-57-0x0000000000400000-0x000000000052D000-memory.dmp

Filesize
1.2MB

Download
memory/1444-58-0x0000000003470000-0x0000000003480000-memory.dmp

Filesize
64KB

Download